Gideon Spanier: How safe are the apps on your mobile?

Wednesday 7 November 2012 12:26 BST

The Nexus 4 smartphone, left and the Nexus 10 tablet are shown by Randall Safara of Google at a Google announcement in San Francisco, Monday, Oct. 29, 2012. Google is adding a few more gadgets to holiday shopping lists. The devices announced Monday include the latest in Google's line of Nexus smartphones and a larger version of the 7-inch tablet that the company began selling in July under the Nexus brand. (AP Photo/Jeff Chiu) AP Photo/Jeff Chiu

Apps have transformed our behaviour on our mobile phones and tablets. There is now a seamless way to access everything from news and games to our most personal data such as social media and financial transactions with the swipe of a finger.

The benefits are clear: not having to input your password every time you click on to, say, Twitter makes it fast and easy. And when the app knows your location, it can provide more relevant local services — something that will only increase as ultra-fast 4G networks make accessing the web on the go as fast as home broadband.

“We’re entering the era of contextual apps,” says Daniel Joseph, co-founder of The App Business, a Soho-based firm that creates apps for companies such as Unilever and BSkyB.

“Apps will understand who you are, where you are, and what you want, and automatically meet your needs, without you having to lift a finger — well, maybe a thumb. The opportunity to create long-term value and loyalty here is enormous.”

But, as Joseph warns, “the opportunity to do damage to your relationship with your audience” has also increased because privacy is under greater threat if companies fail to act carefully and respectfully.

Most of us are unaware of the sheer scale of the data that some apps collect, and some companies are doing a poor job of explaining it to consumers — particularly when the app ecosystem is not policed that vigilantly and regulation struggles to keep up with technology.

New research by US technology firm Juniper Networks suggests that 24% of free apps in Google Play, the app store for Android phones, have permission to track your location. More disturbing is Juniper’s claim that nearly 7% of free apps are able to access your phone’s address book and pass the details back to the creator of the app — something that Twitter, for example, has been able to do.

Other alarming trends include the ability to access the mobile device’s camera remotely (about 5.5% of free apps) and a facility to send text messages or make calls without asking the phone owner’s explicit permission (about 2.5%). Such “stealth” texts or calls could result in a nasty shock on next month’s phone bill.

Most shocking of all, some apps even have the ability to listen to ambient noise around the phone, such as a conversation in a room. Not for nothing do some experts describe the smartphone as “the ultimate listening device”.

Dan Hoffman, an expert on mobile security at Juniper, points out that most companies have permission to track behaviour because it is buried in the terms and conditions (T&Cs) of each app. But it doesn’t help that sometimes the small print fails to explain clearly why it is necessary for a company to get access to this information.

That the situation occurs is more often cock-up rather than conspiracy, experts say. For example, Facebook came under fire earlier this year when it was found to have created a facility in its mobile app that allowed it to access data from a phone user’s text messages. Facebook insisted it had not used this facility and had no plans to do so.

However, the point is that the theoretical possibility exists for app creators to exploit this ability to collect information from users. “Most people don’t understand what they are agreeing to [with T&Cs] or have the proper information needed to make educated decisions about which apps to trust,” says Hoffman, who warns that free online gaming and casino apps are a special area of concern as their T&Cs are more likely to allow them to track behaviour.

These potentially rogue apps, known as malware, are a bigger problem on Google’s Android mobile operating system because it is open and any app developer can use it — unlike Apple, which must approve every app before it is made available in its store.

Those close to Google say it ensures rogue apps are quickly removed and there was a 40% fall in such cases last year. But online security firm Kaspersky Lab said this week that it had continued to see “new mobile malicious programmes” in recent months, and it claims Google’s Android is the platform “most frequently targeted by cybercriminals”.

James Hilton, chief executive of advertising agency M&C Saatchi Mobile, says mobile users can’t just blame the operators and should be more pro-active in managing their privacy — for example by installing security software or deactivating location-based technology.

“The majority of people who complain about terms and conditions haven’t read them,” he adds. “It says: ‘We’re going to text from your phone, we’re going to email from your phone.’ They’re not hiding it.”

A particular problem, Hilton warns, comes when people sign up for a third-party app or service with their Facebook details. That means the third party can get access to a lot of that personal Facebook data legally, because that’s what the T&Cs say.

There is no guarantee the world of apps is a happy place to be, if you’re not careful.